Privacy Policy
Last updated: July 1, 2026
Overview
Chromastone ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our app.
Data We Collect
All habit and task data you create is stored locally on your device and never sent to our servers. If you choose to connect your Google account, Chromastone accesses your Google Calendar events in read-only mode to display them alongside your tasks. We do not store, transmit, or share your calendar data — it is fetched directly from Google's servers and held temporarily in memory only. Google Sign-In may share basic profile information (name, email, profile picture) solely to identify your account. This information is not stored or sent to our servers.
Google user data is never shared with any third party, including advertisers or analytics providers.
In-App Purchases
Chromastone uses RevenueCat to process in-app subscriptions. RevenueCat may collect certain data to validate purchases, including device identifiers and purchase history. This data is used solely to manage your subscription status. You can read RevenueCat's privacy policy at revenuecat.com/privacy.
Third-Party Services
Chromastone integrates the following third-party services: Google Sign-In and Google Calendar API for optional calendar sync (see Google's privacy policy), and RevenueCat for subscription management. No analytics, advertising, or tracking services are used.
Data Storage
All app data (habits, tasks, settings) is stored locally on your device. Calendar data is never persisted locally. We have no access to your data.
Access tokens are stored securely on-device using platform secure storage and are used solely to authenticate requests to Google Calendar.
Data Protection
Google user data is protected using the following mechanisms: all communication between Chromastone and Google's servers is encrypted in transit via HTTPS/TLS. OAuth 2.0 access tokens are stored on-device using platform-level secure storage (Android Keystore). Calendar data is never written to disk, never transmitted to our servers, and never shared with third parties. Access is strictly limited to the read-only calendar scope explicitly authorized by you.
Data Retention & Deletion
Chromastone does not retain any Google user data. Calendar data is fetched in real-time and held in memory only for the duration of your session — it is never written to disk or our servers. To disconnect your Google account and revoke access, go to Settings > Google Calendar > Disconnect. You can also revoke access at any time via your Google Account settings at myaccount.google.com.
Children's Privacy
Chromastone is not directed at children under 13. We do not knowingly collect data from children.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.
Contact
If you have any questions about this privacy policy, contact us at: harveyaptx@gmail.com